mirror of
https://github.com/optim-enterprises-bv/nDPId.git
synced 2025-11-03 11:47:49 +00:00
Additional semantic validation tests.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
@@ -491,7 +491,7 @@ static void nDPIsrvd_write_flow_info_cb(int outfd, struct nDPIsrvd_flow * const
|
|||||||
#else
|
#else
|
||||||
"0x%08lx"
|
"0x%08lx"
|
||||||
#endif
|
#endif
|
||||||
"][last-seen: %13llu][new-seen: %u][finished: %u][detected: %u][midstream: %u][risky: "
|
"][last-seen: %13llu][new-seen: %u][finished: %u][detected: %u][risky: "
|
||||||
"%u][total-L4-payload-length: "
|
"%u][total-L4-payload-length: "
|
||||||
"%4llu][packets-captured: %u]",
|
"%4llu][packets-captured: %u]",
|
||||||
#ifdef __LP64__
|
#ifdef __LP64__
|
||||||
@@ -503,7 +503,6 @@ static void nDPIsrvd_write_flow_info_cb(int outfd, struct nDPIsrvd_flow * const
|
|||||||
flow_user->flow_new_seen,
|
flow_user->flow_new_seen,
|
||||||
flow_user->detection_finished,
|
flow_user->detection_finished,
|
||||||
flow_user->detected,
|
flow_user->detected,
|
||||||
flow_user->flow_new_seen == 0,
|
|
||||||
flow_user->risky,
|
flow_user->risky,
|
||||||
flow_user->flow_tot_l4_payload_len,
|
flow_user->flow_tot_l4_payload_len,
|
||||||
flow_user->packets != NULL ? utarray_len(flow_user->packets) : 0);
|
flow_user->packets != NULL ? utarray_len(flow_user->packets) : 0);
|
||||||
@@ -515,7 +514,7 @@ static void nDPIsrvd_write_flow_info_cb(int outfd, struct nDPIsrvd_flow * const
|
|||||||
#else
|
#else
|
||||||
"0x%08lx"
|
"0x%08lx"
|
||||||
#endif
|
#endif
|
||||||
"][last-seen: %13llu][new-seen: %u][finished: %u][detected: %u][midstream: %u][risky: "
|
"][last-seen: %13llu][new-seen: %u][finished: %u][detected: %u][risky: "
|
||||||
"%u][total-L4-payload-length: "
|
"%u][total-L4-payload-length: "
|
||||||
"%4llu][packets-captured: %u]",
|
"%4llu][packets-captured: %u]",
|
||||||
flow->id_as_ull,
|
flow->id_as_ull,
|
||||||
@@ -528,7 +527,6 @@ static void nDPIsrvd_write_flow_info_cb(int outfd, struct nDPIsrvd_flow * const
|
|||||||
flow_user->flow_new_seen,
|
flow_user->flow_new_seen,
|
||||||
flow_user->detection_finished,
|
flow_user->detection_finished,
|
||||||
flow_user->detected,
|
flow_user->detected,
|
||||||
flow_user->flow_new_seen == 0,
|
|
||||||
flow_user->risky,
|
flow_user->risky,
|
||||||
flow_user->flow_tot_l4_payload_len,
|
flow_user->flow_tot_l4_payload_len,
|
||||||
flow_user->packets != NULL ? utarray_len(flow_user->packets) : 0);
|
flow_user->packets != NULL ? utarray_len(flow_user->packets) : 0);
|
||||||
|
|||||||
@@ -13,12 +13,11 @@ except ImportError:
|
|||||||
import nDPIsrvd
|
import nDPIsrvd
|
||||||
from nDPIsrvd import nDPIsrvdSocket, TermColor
|
from nDPIsrvd import nDPIsrvdSocket, TermColor
|
||||||
|
|
||||||
global lowest_flow_id_for_new_flow
|
|
||||||
lowest_flow_id_for_new_flow = 0
|
|
||||||
|
|
||||||
class Stats:
|
class Stats:
|
||||||
event_counter = dict()
|
event_counter = dict()
|
||||||
|
|
||||||
|
lowest_flow_id_for_new_flow = 0
|
||||||
lines_processed = 0
|
lines_processed = 0
|
||||||
print_dot_every = 10
|
print_dot_every = 10
|
||||||
print_nmb_every = print_dot_every * 5
|
print_nmb_every = print_dot_every * 5
|
||||||
@@ -65,6 +64,7 @@ class Stats:
|
|||||||
for k in klist:
|
for k in klist:
|
||||||
retval += '| {:<16}: {:<4} '.format(k, self.event_counter[k])
|
retval += '| {:<16}: {:<4} '.format(k, self.event_counter[k])
|
||||||
retval += '\n--' + '-' * 98 + '\n'
|
retval += '\n--' + '-' * 98 + '\n'
|
||||||
|
retval += 'Lowest possible flow id (for new flows): {}\n'.format(self.lowest_flow_id_for_new_flow)
|
||||||
return retval
|
return retval
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
@@ -81,10 +81,10 @@ class SemanticValidationException(Exception):
|
|||||||
return 'Flow ID {}: {}'.format(self.current_flow.flow_id, self.text)
|
return 'Flow ID {}: {}'.format(self.current_flow.flow_id, self.text)
|
||||||
|
|
||||||
def onJsonLineRecvd(json_dict, current_flow, global_user_data):
|
def onJsonLineRecvd(json_dict, current_flow, global_user_data):
|
||||||
global lowest_flow_id_for_new_flow
|
|
||||||
stats = global_user_data
|
stats = global_user_data
|
||||||
stats.incrementEventCounter(json_dict)
|
stats.incrementEventCounter(json_dict)
|
||||||
|
|
||||||
|
# dictionary unique for every flow, useful for flow specific semantic validation
|
||||||
try:
|
try:
|
||||||
semdict = current_flow.semdict
|
semdict = current_flow.semdict
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
@@ -103,6 +103,19 @@ def onJsonLineRecvd(json_dict, current_flow, global_user_data):
|
|||||||
|
|
||||||
if current_flow is not None:
|
if current_flow is not None:
|
||||||
if 'flow_id' in semdict:
|
if 'flow_id' in semdict:
|
||||||
|
semdict_thread_key = 'thread' + str(json_dict['thread_id'])
|
||||||
|
if semdict_thread_key in semdict:
|
||||||
|
if semdict[semdict_thread_key]['lowest_packet_id'] > json_dict['packet_id']:
|
||||||
|
raise SemanticValidationException(current_flow,
|
||||||
|
'Invalid packet id for thread {} received: ' \
|
||||||
|
'expected packet id lesser or equal {}, ' \
|
||||||
|
'got {}'.format(json_dict['thread_id'],
|
||||||
|
semdict[semdict_thread_key]['lowest_packet_id'],
|
||||||
|
json_dict['packet_id']))
|
||||||
|
else:
|
||||||
|
semdict[semdict_thread_key] = dict()
|
||||||
|
semdict[semdict_thread_key]['lowest_packet_id'] = json_dict['packet_id']
|
||||||
|
|
||||||
if semdict['flow_id'] != current_flow.flow_id or \
|
if semdict['flow_id'] != current_flow.flow_id or \
|
||||||
semdict['flow_id'] != json_dict['flow_id']:
|
semdict['flow_id'] != json_dict['flow_id']:
|
||||||
raise SemanticValidationException(current_flow,
|
raise SemanticValidationException(current_flow,
|
||||||
@@ -116,18 +129,43 @@ def onJsonLineRecvd(json_dict, current_flow, global_user_data):
|
|||||||
'{} != {}'.format(json_dict['flow_id'], current_flow.flow_id))
|
'{} != {}'.format(json_dict['flow_id'], current_flow.flow_id))
|
||||||
semdict['flow_id'] = json_dict['flow_id']
|
semdict['flow_id'] = json_dict['flow_id']
|
||||||
|
|
||||||
|
if 'flow_packet_id' in json_dict:
|
||||||
|
try:
|
||||||
|
if json_dict['flow_packet_id'] != current_flow.low_packet_id + 1:
|
||||||
|
raise SemanticValidationException(current_flow,
|
||||||
|
'Invalid flow_packet_id seen, expected {}, got ' \
|
||||||
|
'{}'.format(current_flow.low_packet_id + 1, json_dict['flow_packet_id']))
|
||||||
|
else:
|
||||||
|
current_flow.low_packet_id += 1
|
||||||
|
except AttributeError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
if current_flow.flow_ended == True:
|
||||||
|
raise SemanticValidationException(current_flow,
|
||||||
|
'Received JSON string for a flow that already ended/idled.')
|
||||||
|
except AttributeError:
|
||||||
|
pass
|
||||||
|
|
||||||
if 'flow_event_name' in json_dict:
|
if 'flow_event_name' in json_dict:
|
||||||
if json_dict['flow_event_name'] == 'end' or \
|
if json_dict['flow_event_name'] == 'end' or \
|
||||||
json_dict['flow_event_name'] == 'idle':
|
json_dict['flow_event_name'] == 'idle':
|
||||||
pass
|
current_flow.flow_ended = True
|
||||||
elif json_dict['flow_event_name'] == 'new':
|
elif json_dict['flow_event_name'] == 'new':
|
||||||
if lowest_flow_id_for_new_flow > current_flow.flow_id:
|
if stats.lowest_flow_id_for_new_flow > current_flow.flow_id:
|
||||||
raise SemanticValidationException(current_flow,
|
raise SemanticValidationException(current_flow,
|
||||||
'JSON dictionary lowest flow id for new flow > current flow id: ' \
|
'JSON dictionary lowest flow id for new flow > current flow id: ' \
|
||||||
'{} != {}'.format(lowest_flow_id_for_new_flow, current_flow.flow_id))
|
'{} != {}'.format(stats.lowest_flow_id_for_new_flow, current_flow.flow_id))
|
||||||
|
try:
|
||||||
|
if current_flow.flow_new_seen == True:
|
||||||
|
raise SemanticValidationException(current_flow,
|
||||||
|
'Received flow new event twice.')
|
||||||
|
except AttributeError:
|
||||||
|
pass
|
||||||
current_flow.flow_new_seen = True
|
current_flow.flow_new_seen = True
|
||||||
if lowest_flow_id_for_new_flow == 0:
|
current_flow.flow_packet_id = 0
|
||||||
lowest_flow_id_for_new_flow = current_flow.flow_id
|
if stats.lowest_flow_id_for_new_flow == 0:
|
||||||
|
stats.lowest_flow_id_for_new_flow = current_flow.flow_id
|
||||||
elif json_dict['flow_event_name'] == 'detected' or \
|
elif json_dict['flow_event_name'] == 'detected' or \
|
||||||
json_dict['flow_event_name'] == 'not-detected':
|
json_dict['flow_event_name'] == 'not-detected':
|
||||||
try:
|
try:
|
||||||
@@ -139,9 +177,9 @@ def onJsonLineRecvd(json_dict, current_flow, global_user_data):
|
|||||||
current_flow.flow_detection_finished = True
|
current_flow.flow_detection_finished = True
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if current_flow.flow_new_seen is True and lowest_flow_id_for_new_flow > current_flow.flow_id:
|
if current_flow.flow_new_seen is True and stats.lowest_flow_id_for_new_flow > current_flow.flow_id:
|
||||||
raise SemanticValidationException(current_flow, 'Lowest flow id for flow > current flow id: ' \
|
raise SemanticValidationException(current_flow, 'Lowest flow id for flow > current flow id: ' \
|
||||||
'{} > {}'.format(lowest_flow_id_for_new_flow, current_flow.flow_id))
|
'{} > {}'.format(stats.lowest_flow_id_for_new_flow, current_flow.flow_id))
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|||||||
2
nDPId.c
2
nDPId.c
@@ -1672,7 +1672,7 @@ static int connect_to_json_socket(struct nDPId_reader_thread * const reader_thre
|
|||||||
int opt = NETWORK_BUFFER_MAX_SIZE * 16;
|
int opt = NETWORK_BUFFER_MAX_SIZE * 16;
|
||||||
if (setsockopt(reader_thread->json_sockfd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt)) < 0)
|
if (setsockopt(reader_thread->json_sockfd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt)) < 0)
|
||||||
{
|
{
|
||||||
/* Nop. */
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
saddr.sun_family = AF_UNIX;
|
saddr.sun_family = AF_UNIX;
|
||||||
|
|||||||
Reference in New Issue
Block a user